CVE-2023-0052
CVSS V2 None
CVSS V3 None
Description
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.
Overview
- CVE ID
- CVE-2023-0052
- Assigner
- ics-cert@hq.dhs.gov
- Vulnerability Status
- Analyzed
- Published Version
- 2023-01-20T22:15:10
- Last Modified Date
- 2023-02-02T14:21:46
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:sauter-controls:nova_220_eyk220f001_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.3-006 | |
| cpe:2.3:h:sauter-controls:nova_220_eyk220f001:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:sauter-controls:nova_230_eyk230f001_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.3-006 | |
| cpe:2.3:h:sauter-controls:nova_230_eyk230f001:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:sauter-controls:nova_106_eyk300f001_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.3-006 | |
| cpe:2.3:h:sauter-controls:nova_106_eyk300f001:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:sauter-controls:modunet300_ey-am300f001_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.3-006 | |
| cpe:2.3:h:sauter-controls:modunet300_ey-am300f001:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:sauter-controls:modunet300_ey-am300f002_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.3-006 | |
| cpe:2.3:h:sauter-controls:modunet300_ey-am300f002:-:*:*:*:*:*:*:* | 0 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0052 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0052 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-01-20 23:14:10 | Added to TrackCVE | |||
| 2023-01-20 23:14:10 | Weakness Enumeration | new | ||
| 2023-01-23 15:14:29 | 2023-01-23T15:08:08 | CVE Modified Date | updated | |
| 2023-01-23 15:14:29 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2023-01-31 17:14:25 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2023-02-02 15:14:47 | 2023-02-02T14:21:46 | CVE Modified Date | updated | |
| 2023-02-02 15:14:47 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2023-02-02 15:14:49 | CPE Information | updated |